From 57e7a75760807b0d174d20b2151426c46b0c7910 Mon Sep 17 00:00:00 2001
From: Clyde Griffin <griffinc@ainfosec.com>
Date: Thu, 12 Dec 2024 08:45:00 -0700
Subject: [PATCH] Set CR4[18] OSXSAVE in cr4_guest_host_mask

During boot Windows 11 as a guest VM was
faulting on XSETBV instruction because
CR4[18] OSXSAVE was not set. (XSETBEV is
undefined if CR4[18] OSXSAVE is not set.)

This patch sets cr4_guest_host_mask[18]
causing the the corresponding cr4 shadow
register to virtualize the state of
CR4[18].  This results in a more robust
CR4 implementation and removes the chance
of CR4[18] OSXSAVE corruption.
---
 deps/hypervisor/bfvmm/src/hve/arch/intel_x64/vcpu.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deps/hypervisor/bfvmm/src/hve/arch/intel_x64/vcpu.cpp b/deps/hypervisor/bfvmm/src/hve/arch/intel_x64/vcpu.cpp
index 9ed7a6ca9..3c3a987c4 100644
--- a/deps/hypervisor/bfvmm/src/hve/arch/intel_x64/vcpu.cpp
+++ b/deps/hypervisor/bfvmm/src/hve/arch/intel_x64/vcpu.cpp
@@ -162,6 +162,7 @@ vcpu::vcpu(
     m_microcode_handler{this},
     m_vpid_handler{this}
 {
+    using namespace ::intel_x64::cr4::osxsave;
     using namespace vmcs_n;
     bfn::call_once(g_once_flag, setup);
 
@@ -197,7 +198,7 @@ vcpu::vcpu(
     m_vpid_handler.enable();
     m_nmi_handler.enable_exiting();
     m_control_register_handler.enable_wrcr0_exiting(0);
-    m_control_register_handler.enable_wrcr4_exiting(0);
+    m_control_register_handler.enable_wrcr4_exiting(::intel_x64::cr4::osxsave::mask);
 }
 
 //==============================================================================